Create privilege to allow user group can search ECO & BOM and do anything else in user group only.
Please help to shared creating a privilege for user in group to search ECO & BOM.
Example :
USER GROUP CUST1
user A;
user B;
user C:
USER GROUP CUST2
user X;
user Y;
user Z:
user A import Bom & create ECO load to agile system. we need user B,C can search and do anything else.
And USER GROUP CUST2 do not search and do anything else in USER GROUP CUST1.
Please help.
You will need 2 User Groups instead of User Group Cust 1 each with the respective users (A in the first and B, C in the second). Then you can have 2 different roles with the required privileges. Assign the User Group to the corresponding Roles.
If I understand correctly – You only want members of User Group A to be able to discover certain ECOs and BOMs and User Group B to discover OTHER specific ECOs and BOMs.
If this is the case – there needs to be some specific criteria on which to base the discovery privilege(s).
This can be achieved using a Page Two MultiList “Access Control” attribute that uses the User Group list. That way you can create your limited/restricted discovery criteria and privilege based on this field.
The idea is to only allow the logged in user to find objects that contain their User Group(s) in the access control field. The bonus here is that you don’t have to build out separate criteria for each usergroup as you can use the $USERGROUP variable.
Example Criteria – “ECOs for my Group” (ECOs Page Two.Access Control Contains $USERGROUP)
Discovery Privilege – (using above criteria) “Discover ECOs for My Group”
The same privilege can be given to both User Groups and will only give them access to the ECOs that contain their User Group(s) in the Access Control field.
Dannypitt,
Thanks you so much for best solution.
I have some question.
1. In Criteria ” ECOs Page Two.Access Control ” is meaning Object Type =”ECO”
2. Page Two.Access Control is meaning “Page Two.MultiList 01,Page Two.MultiList 02,Page Two.*, etc )
3. If other attribute is concern , should be add to Criteria , right ?.
– Page three , Afftected item , etc.
And I can not find constant $USERGROUP
Regards;
Yes, for the Criteria you would use whichever object type is applicable and the Page Two.Multilist attribute that you use for “Access Control”.
The $USERGROUP variable should be available if the attribute selected for your criteria uses the “User Groups” list.
Hi Dannypitt,
I don’t understand ” if the attribute selected for your criteria uses the “User Groups” list. ” . Because I try create criteria and add any condition to my criteria but not found .the $USERGROUP.
Or I mistake some step.
My Agile is Agile Product Collaboration version 9.3.5
Please advise and see the attachment file.
The field you are using for your criteria, “Create User”, uses the Users dynamic list so you see $USER instead of $USERGROUP. You need to use an attribute that uses the User Groups dynamic list in order to use the $USERGROUP variable .
The solution that I was suggesting does not necessarily refer to the “Create User” to allow read/modify rights, but instead you would use/create a separate multilist attribute that would need to be populated (perhaps by the create user) with the appropriate user groups (groups that should have access to the object).
I suppose it could be used in conjunction with the create user field if that really does matter, but then you are somewhat limited as you’d need to list out the specific users in your criteria which could lead to a fair amount of maintenance.
So back to your original example –
User A creates/imports Item001 – and adds (manually or as part of the import) USER GROUP CUST1 to the “Access Control” field. This (with the above mentioned criteria and appropriate privileges) makes it so the other Users that belong to USER GROUP CUST1 can discover, read, and/or modify the object.
The Access Control field (MultilistXX) uses the USER GROUPS list so that it can be populated with the appropriate user groups and so you can use the $USERGROUP variable in your criteria.